Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Security
Digital Certificate - Use a Code Signing Certificate
This article provides an introduction to the use of Code Signing Certificates (also known as a Software Publishing Certificate), which can be used to digitally sign software.
IT Services provides free Code Signing Certificates via the InCommon Certificate Service. Code signing certificates can be used to digitally sign software executables and scripts. The digital signature can help users of the signed software confirm that the software is genuine by authenticating the source of the software (that is, who published it) and verifying the integrity of the content (that is, the code hasn't been modified since signed).
Uses of Code Signing Certificates include:
Signing Java jar files
Signing Adobe AIR applications
Overview of the Process
Once you receive a Code Signing Certificate via email you can immediately begin signing and distributing your software. The typical process for signing code includes using a utility program such as signcode.exe, codesign, or signtool. This utility must meet these minimum requirements:
Create a cryptographic hash of your software code.
Encrypt the hash using your private key.
Create a package containing your code, the encrypted hash, and your code signing certificate.
Specific Code Signing Tools
The specific method for signing your software varies according to what code signing software and environment you are using and is outside the scope of this document. However here are some links to useful starting points to learn more:
The digital signature for your software can be valid beyond the lifetime of your Code Signing Certificate if you use timestamping. This service is provided by Comodo at the URL http://timestamp.comodoca.com/authenticode. For more information please see: Comodo Knowledge Base: "Timestamping"